Display Widgets Plugin Dynamic Post Hacker Code

Display Widgets Plugin Dynamic Post Hacker Code

After being moderated I noticed another issue with the Display Widgets plugin related to code which looks like it generates a WordPress Post dynamically when logged OUT users visit a site!

Screenshot of some of the code above, it’s from the geolocation.php file.

This code allows the Display Widgets plugin developer to dynamically generate a WordPress Post on Display Widget plugin user sites (up to 200,000 sites – I think at least 50,000 updated to the 2.6.* code).

Tweet Image

Continue Reading Display Widgets Plugin Review